工作我试图建立,将创造一个lambda功能,并且可以访问它的APIGateway一个CloudFormation模板。但是,尽管设置了如下所示的Lambda:InvokeFunction权限(并尝试在其他SO问题中推荐的每一个日光下的排列),但我得到消息Execution failed due to configuration error: Invalid permissions on Lambda function.
无法获得ApiGateway LAMBDA:InvokeFunction权限CloudFormation
我唯一可以实现它的方法是如果我进入AWS控制台和手动取消设置,并重新设置APIGateway的目的地拉姆达。
我也试过CLI没有效果:
aws lambda add-permission --function-name $updatedFunction.FunctionName --statement-id "AllowExecutionFromAPIGateway" --action "lambda:InvokeFunction" --principal "apigateway.amazonaws.com" --source-arn $api.StackId
没有人有任何了解为什么这些权限是行不通的?
...
"Get":{
"Type":"AWS::Lambda::Function",
"Properties":{
"Code":{
"S3Bucket":"webapistack-bucket-org0oolyde9v",
"S3Key":"webapi/webapistack-636349410359047808.zip"
},
"Tags":[
{
"Value":"SAM",
"Key":"lambda:createdBy"
}
],
"MemorySize":256,
"Environment":{
"Variables":{
"AppS3Bucket":{
"Fn::If":[
"CreateS3Bucket",
{
"Ref":"Bucket"
},
{
"Ref":"BucketName"
}
]
}
}
},
"Handler":"webapi::webapi.LambdaEntryPoint::FunctionHandlerAsync",
"Role":{
"Fn::GetAtt":[
"GetRole",
"Arn"
]
},
"Timeout":30,
"Runtime":"dotnetcore1.0"
}
},
"GetPutResourcePermissionTest":{
"Type":"AWS::Lambda::Permission",
"Properties":{
"Action":"lambda:invokeFunction",
"Principal":"apigateway.amazonaws.com",
"FunctionName":{
"Ref":"Get"
},
"SourceArn":{
"Fn::Sub":[
"arn:aws:execute-api:WS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/ANY/*",
{
"__Stage__":"*",
"__ApiId__":{
"Ref":"ServerlessRestApi"
}
}
]
}
}
},
...
"ServerlessRestApi":{
"Type":"AWS::ApiGateway::RestApi",
"Properties":{
"Body":{
"info":{
"version":"1.0",
"title":{
"Ref":"AWS::StackName"
}
},
"paths":{
"/{proxy+}":{
"x-amazon-apigateway-any-method":{
"x-amazon-apigateway-integration":{
"httpMethod":"POST",
"type":"aws_proxy",
"uri":{
"Fn::Sub":"arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Get.Arn}/invocations"
}
},
"responses":{
}
}
}
},
"swagger":"2.0"
}
}
}
这工作 - 谢谢。如提到要删除的任何运营商也有 - 为别人的注意事项。 –